v1.45.0

Summary

Application Security Monitoring now becomes Application Security Management (ASM) with the release of IP blocking for HTTP and gRPC servers, which allows you to block attackers based on their IP addresses, managed from your denylist. You can request a private beta access to this feature here.

Changes

Application Performance Monitoring (APM)

• General tag changes by @zhamza99 in #1562
• ddtrace/tracer/textmap: Added none as a supported propagator for trace context extraction and injection by @dianashevchenko in #1610
• tracer: support b3multi alias for b3 carrier by @katiehockman in #1594
• contrib/google.golang.org/grpc: clarify use of UnaryInterceptor in grpc example by @katiehockman in #1601
• contrib/labstack/{echo, echo.v4}: improve error detection by @knusbaum in #1000
• ddtrace/ext: rename tag error.msg into error.message by @zhamza99 in #1605

Application Security Monitoring Management (ASM)

• internal/appsec: ip blocking for http and grpc by @Hellzy in #1533

Others

• ci: QoL improvements for benchmarks by @ddyurchenko in #1609
• ci: introduce continuous smoke testing by @Julio-Guerra in #1611
• ci: add a nightly govulncheck workflow by @dianashevchenko in #1599

Fixes

Profiler

• Fix duration in (fast)delta profiles by @pmbauer in #1612

Full Changelog: v1.44.1...v1.45.0

v1.44.1

This patch release fixes an issue with Go modules version selection when dd-trace-go is updated using go get -u all, where an unstable indirect dependency was unexpectedly upgrading to an incompatible version and therefore leading to a compilation error.

Full Changelog: v1.44.0...v1.44.1

v1.44.0

Summary

This version notably brings:

• gofiber trace propagation: Users of the gofiber package will now have fully connected traces.
• The profiler adds a new, efficient profile delta computation algorithm, which eliminates almost all of the memory allocation caused by the profiler when delta profiles are enabled. This algorithm can be enabled with the DD_PROFILING_DELTA_METHOD=fastdelta environment variable. It will become the default in a future release.
• The profiler no longer adds an env tag to profiles unless one is explicitly configured, either through the DD_ENV environment variable or through the WithEnv option. This allows profiles to be tagged with the env value configured by the agent, if one is available, rather than getting the previous env:none default tag.
• Remotely enable Application Security Monitoring through Datadog's remote configuration (private beta access required).

A list of minor improvements and fixes can be found in the list below:

Changes

General

• ddtrace/tracer, profiler: add support for DD_TRACE_AGENT_URL by @mackjmr in #1199

Application Performance Monitoring (APM)

• ddtrace/tracer: removed restriction of non-empty fields in sampling rules by @dianashevchenko in #1510
• contrib/aws/aws-sdk-go: expose handler names as const by @mstumpfx in #1524
• ddtrace/tracer: removed dependency between discovery flag and single span sampling by @dianashevchenko in #1509
• contrib/cloud.google.com/go/pubsub.v1: add Option to Publish by @hakankutluay in #1332
• contrib/google.golang.org/grpc: add support for WithUntracedMethods by @mackjmr in #1535
• contrib/database/sql: Rename SQLCommentInjection to DBMPropagation by @alexandre-normand in #1556
• contrib/gomodule/redigo: add support for context by @pedro-tiple in #1463
• contrib/k8s.io/client-go: Add logic to parse additional API calls by @geezyx in #1574
• contrib/gofiber: add gofiber trace propagation by @mckeown-dd in #1487
• contrib/99designs/gqlgen: avoid adding the example dependencies into our go.mod by @Julio-Guerra in #1499

Application Security Monitoring (ASM)

• Remote ASM activation through remote configuration by @Hellzy in #1503
• Update security rules to v1.4.2 by @Hellzy in #1573

Profiler

• profiler: don't add an env tag if the user didn't configure env by @nsrip-dd in #1560
• Fast Delta Profiling by @pmbauer in #1511

Other

• CI: Add automated benchmarking for PRs: #1589 #1588 #1591
• internal/container: add support for PCF containers by @NouemanKHAL in #1549

Fixes

Application Performance Monitoring (APM)

• contrib/database/sql: Fix bad import path in mockdriver.go by @alexandre-normand in #1579
• contrib/net/http: nil transport should default to http.DefaultTransport by @dillonstreator in #1572

Application Security Monitoring (ASM)

• Fix macos 10.15 missing symbols by @Julio-Guerra in #1569
• Fix memory release condition by @Julio-Guerra in #1583

Full Changelog: v1.43.1...v1.44.0

v1.43.1

Summary

The http.client_ip tag of HTTP request spans is no longer collected by Application Performance Monitoring (APM) and is now only reported by Application Security Monitoring (ASM), as part of its security monitoring metadata. If you are still interested in this feature without ASM, please file a feature request.

Fixes

• appsec: report http.client_ip only when appsec is enabled (#1523)

Full Changelog: v1.43.0...v1.43.1

v1.43.0

Summary

This version notably brings:

• Application Security Monitoring on linux/arm64 and darwin/arm64
• The profiler now captures its own CPU overhead. Previously, CPU profiling could be stopped before follow-on work processing the other profile types completed. There is now proper synchronization so this work is captured. Note that there may be a small (<1%) increase in CPU time on profiles. This is not new overhead, or a regression. It is just work that was already being done, now more accurately reflected.
• The new ddtrace.UseLogger function can be used to configure logging for both the tracer and profiler.

A couple of improvements and fixes can also be found in the list of changes below.

Changes

General

• internal/telemetry: support DD_TELEMETRY_HEARTBEAT_INTERVAL configuration environment variable by @katiehockman in #1475

Application Performance Monitoring (APM)

• contrib/99designs/gqlgen: fix go module resolution issue by @david-alza in #1457
• contrib/net/http: don't set the request path in the Route field by @bitterbit in #1471
• contrib/net/http: ensure NewServeMux respects WithResourceNamer option by @mccutchen in #1436
• contrib/database/sql: fix race condition when registering drivers by @rafaeljusto in #1450
• ddtrace: make UseLogger public by @nsrip-dd in #1466
• ddtrace/tracer: switch atomics to 32 bits by @knusbaum in #1443
• ddtrace/tracer: better trace and span ID randomness by @ajgajg1134 in #1472
• ddtrace: support tracer.SetUser on a mockspan by @Julio-Guerra in #1480

Database Monitoring

• contrib/sql/driver: trace sql queries from database drivers implementing DriverContext by @david-ds in #1502

Application Security Monitoring (ASM)

• appsec: fix stripping on macOS by @Julio-Guerra in #1481
• appsec: add support for linux/arm64 and darwin/arm64 by @Julio-Guerra in #1494

Profiler

• Cap the CPU profile duration so it doesn't exceed the profiling period (#1486)
• Ensure that CPU profile records profiler work (#1485)

Full Changelog: v1.42.1...v1.43.0

v1.42.1

Summary

This release fixes a compilation issue when building with appsec on some macOS versions.

Fixes

Application Security Monitoring (ASM)

• appsec: fix libddwaf stripping on macOS (#1481)

Full Changelog: v1.42.0...v1.42.1

v1.42.0

Summary

This release has several exciting features:

• Adds support for Go 1.19. Please note that this means Go 1.17 has maintenance support, and Go 1.16 has legacy support. See our version support policy for more details.
• Introduces support for propagation of trace context via SQL commenting. This experimental feature injects trace context information via sql comments in the sqlcommenter format. It is disabled by default and can be configured via the DD_TRACE_SQL_COMMENT_INJECTION_MODE environment variable or via the WithSQLCommentInjection() option.
• Introduces a WithHostname option for the profiler, which allows overriding the value used for the "host" tag

Changes

General

• all: support latest go version 1.19 by @ajgajg1134 in #1410

APM

• contrib: Adding WithCustomTag to various integrations by @ajgajg1134 in #1359
• internal/telemetry: give user config priority over environment by @nsrip-dd in #1429
• contrib/database/sql: Add WithErrorCheck options by @soh335 in #1315

Database Management

• contrib/database/sql: add db service name tag and _dd.dbm_trace_injected span tag by @alexandre-normand in #1448
• contrib/database/sql: move trace context info to w3c trace context tags by @alexandre-normand in #1454

ASM

• appsec: update the security event rules to v1.4.0 by @Julio-Guerra in #1464
• appsec/waf: update libddwaf to v1.5.0 by @Julio-Guerra in #1460

Profiler

• profiler: add WithHostname option by @nsrip-dd in #1442
• profiler: log when profiler is stopped by @nsrip-dd in #1433

Full Changelog: v1.41.1...v1.42.0

v1.41.1

Summary

This release fixes a bug in the tracer library which incorrectly calculated client-side stats for dropped P0 traces.

Changes

Tracer

• ddtrace/tracer: Always count dropped p0 traces and spans by @ajgajg1134 in #1461

Full Changelog: v1.41.0...v1.41.1

v1.41.0

Summary

This release introduces rule based span sampling for the tracer which can be configured through the env var DD_SPAN_SAMPLING_RULES. For configuration details, see the docs.
Additionally it is now possible to propagate an HTTP request's user id across services when using the SetUser() tracer function, thanks to the WithPropagation() option.
Also, the tracer now flushes trace stats when stopping, and some changes to contribs were also made:

• For net/http the RoundTripper has a new option to ignore outgoing requests
• For segmentio/kafka.go.v0 the message's topic name is used when the writer's topic name is unavailable
• For 99designs/gqlgen, basic support was added for tracing GraphQL functions

The profiler fixed a bug which caused the first minute of activity to be missing from profiles. The profiler now respects the DD_TRACE_STARTUP_LOGS environment variable, which can be set to false to turn off start-up logging. Profiles are now tagged with the seq_id tag, which counts how many profiles have been uploaded so far.

Some more improvements and fixes can also be found in the list of changes below.

Changes

Tracer

• contrib/net/http: Add new option to RoundTripper to ignore outgoing request (#1403)
• contrib/segmentio: reading topic name from message if writer topic is empty (#1400)
• contrib: support tracing for GraphQL (#1380)
• ddtrace/tracer: add an option to propagate user id over services (#1387)
• ddtrace/tracer: add support for single span matching (#1357)
• ddtrace/tracer: force trace stats flush on Stop, thanks @Kyle-Verhoog (#1393)

Profiler

• profiler: implement profile_seq tag (#1391)
• profiler: respect DD_TRACE_STARTUP_LOGS environment variable (#1385)
• profiler: start collecting profiles immediately (#1417)

Full Changelog: v1.40.1...v1.41.0

v1.40.1

Summary

This release updates the version.go file so that the version is not a release candidate anymore, but a full release one.
This will be reflected in the tracer's startup logs. There is no changelog since this release is just a version bump to correct the content of version.go.